On Sat, May 30, 2015 at 09:48:15AM +0200, Short, Todd via RT wrote:

> Hello OpenSSL Org:
>
> This is a change that Akamai has made to its implementation of OpenSSL.
>
> Version: master branch
> Description: Add IPv4/IPv6:port-based client cache
>
> Update client cache to use IPv4/v6 addresses via sockaddr_storage.
> Add unit tests for client cache
>
> (Documentation is in the source files, not a .pod)

Do you have code to produce usable manpages from the embedded
documentation? We can't ask users to read the source. Perhaps
a ".pod" could be generated?

> Github link:
>
> https://github.com/akamai/openssl/commit/6bac97c07d7f6eb3015a2b5fe2869b0560a9594a

Apart from documentation, I have two major issues:

* The copyright notice does not refer to any license that would
  allow inclusion in OpenSSL.

* The cache is indexed by "ip & port", but the same TCP endpoint
  can serve multiple domains via SNI. It is wrong to reuse a
  session obtained for one SNI name (server certificate) with a
  different SNI name (different server certificate).

* The use of the session cache hash function appears to be wrong.
  The session hash is based on the session id, but the session
  used for lookup has just ex_data with the ip/port, which don't
  get used at all.

* Perhaps other issues too, but this is far from ready it seems.

--
Viktor.
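
Added example, not part of the original message or of the Akamai patch: a self-contained C model of a client-side session index whose hash and equality are both computed over the lookup fields (peer address, port, SNI name); `use_sni=0` reproduces the ip:port-only index that the review objects to. The names `peer_key`, `probe` and `resume_candidate`, the addresses and the host names are constructed for illustration, and no OpenSSL API is used.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical key: only fields known before the handshake, never the session id. */
struct peer_key {
    unsigned char addr[19];  /* 4 or 6, 16 address bytes (IPv4 zero-padded), port */
    char sni[64];            /* server name for the ClientHello, lowercased by caller */
};
static struct slot { int used; struct peer_key key; const char *session; } cache[64];
static int make_key(struct peer_key *k, const char *ip, uint16_t port, const char *sni) {
    int af = strchr(ip, ':') ? AF_INET6 : AF_INET;
    memset(k, 0, sizeof(*k));
    if (strlen(sni) >= sizeof(k->sni)) return 0;  /* never truncate a key field */
    strcpy(k->sni, sni);
    k->addr[0] = af == AF_INET6 ? 6 : 4;
    k->addr[17] = (unsigned char)(port >> 8); k->addr[18] = (unsigned char)(port & 0xff);
    return inet_pton(af, ip, k->addr + 1) == 1;
}
/* FNV-1a over the same fields key_eq compares; use_sni=0 models the ip:port-only index. */
static uint32_t key_hash(const struct peer_key *k, int use_sni) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof(k->addr); i++) h = (h ^ k->addr[i]) * 16777619u;
    for (const char *p = k->sni; use_sni && *p; p++) h = (h ^ (unsigned char)*p) * 16777619u;
    return h;
}
static int key_eq(const struct peer_key *a, const struct peer_key *b, int use_sni) {
    return !memcmp(a->addr, b->addr, sizeof(a->addr)) && (!use_sni || !strcmp(a->sni, b->sni));
}
/* Open addressing with linear probing: the matching slot, else the first free one. */
static struct slot *probe(const struct peer_key *k, int use_sni) {
    for (uint32_t n = 0, i = key_hash(k, use_sni) % 64; n < 64; n++, i = (i + 1) % 64)
        if (!cache[i].used || key_eq(&cache[i].key, k, use_sni)) return &cache[i];
    return NULL;
}
/* Cache a session for (ip, 443, stored_sni), then look up (ip, 443, wanted_sni). */
static const char *resume_candidate(int use_sni, const char *ip,
                                    const char *stored_sni, const char *wanted_sni) {
    struct peer_key k; struct slot *s;
    memset(cache, 0, sizeof(cache));
    if (!make_key(&k, ip, 443, stored_sni) || !(s = probe(&k, use_sni))) return NULL;
    s->used = 1; s->key = k; s->session = stored_sni;  /* constructed stand-in for an SSL_SESSION */
    if (!make_key(&k, ip, 443, wanted_sni) || !(s = probe(&k, use_sni))) return NULL;
    return s->used ? s->session : NULL;
}
int main(void) {  /* exit 0: the ip:port-only index reuses across names, the SNI key does not */
    return !resume_candidate(0, "192.0.2.10", "a.example", "b.example") ||
           resume_candidate(1, "192.0.2.10", "a.example", "b.example") != NULL;
}
```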